Okay, I made the change you recommended and I no longer get the error I was, but I'm now getting a new error:
Caused by: org.xml.sax.SAXParseException; lineNumber: 82; columnNumber: 105; cvc-elt.4.2: Cannot resolve 'ph:SAML2SLO' to a type definition for element 'ph:ProfileHandler'.

-------------------------------------------

I haven't made any other changes to the handler.xml outside of the ones recommended by Unicon in the CAS-Shib integration guide.

Ben Branch
UNIX/Linux Administrator
University of Central Oklahoma
ITIL Foundation v3, Network+, RHCSA

100 N. University Drive, Box 122
Edmond, OK 73034
D: 405.974.2649 | M: 405.550.6804 | [email protected] | www.uco.edu

“I am wiser than this man, for neither of us appears to know anything great and good; but he fancies he knows something, although he knows nothing; whereas I, as I do not know anything, so I do not fancy I do. In this trifling particular, then, I appear to be wiser than he, because I do not fancy I know what I do not know.” - Socrates

-----Original Message-----
From: Andrew Morgan [mailto:[email protected]]
Sent: Wednesday, June 25, 2014 2:28 PM
To: [email protected]
Subject: RE: [cas-user] CAS-Shib Integration: Getting an error when deploying the idp.war

If I'm reading the shibboleth-2.0-idp-profile-handler.xsd right, the elements must be placed in the file in a specific order:

    <xsd:element name="ProfileHandlerGroup">
        <xsd:annotation>
            <xsd:documentation>Root of a profile handler configuration file.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="ErrorHandler" type="ErrorHandlerType"/>
                <xsd:element name="ProfileHandler" type="RequestHandlerType" minOccurs="0" maxOccurs="unbounded"/>
                <xsd:element name="LoginHandler" type="LoginHandlerType" minOccurs="0" maxOccurs="unbounded"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>

Put the CAS-Shib LoginHandler down with the other LoginHandler elements (after the ProfileHandlers).

Andy

On Wed, 25 Jun 2014, Ben Branch wrote:

> Chris,
>
> I should have posted the full xml file to show that I believe those
> pieces are in the handler.xml
>
> Full handler.xml:
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
>                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                         xmlns:shib-cas="http://unicon.net/shib-cas/authn"
>                         xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
>                                             http://unicon.net/shib-cas/authn classpath:/schema/casLoginHandler.xsd">
>
>     <!-- CAS/Shib IDP External Login Handler. propertiesFile attribute is optional -->
>     <ph:LoginHandler xsi:type="shib-cas:CasLoginHandler"
>                      propertiesFile="/opt/shibboleth-idp/conf/cas-shib.properties">
>         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
>         <shib-cas:paramBuilder class="net.unicon.idp.authn.provider.extra.EntityIdParameterBuilder" />
>     </ph:LoginHandler>
>
>     <!-- Error Handler -->
>     <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>
>
>     <!-- Profile Handlers -->
>     <!--
>         All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile
>         handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
>     -->
>     <ph:ProfileHandler xsi:type="ph:Status">
>         <ph:RequestPath>/Status</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAMLMetadata"
>                        metadataFile="/opt/shibboleth-idp/metadata/idp-metadata.xml">
>         <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:ShibbolethSSO"
>                        inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
>                                                    urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
>         <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery"
>                        inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
>         <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution"
>                        inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
>         <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SSO"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
>         <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SSO"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
>         <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SSO"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
>         <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SSO"
>                        inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
>         <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2ECP"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
>         <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SLO"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
>         <ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SLO"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
>         <ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SLO"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
>                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
>         <ph:RequestPath>/SAML2/POST-SimpleSign/SLO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SLO"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
>         <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2SLO"
>                        inboundBinding="urn:mace:shibboleth:2.0:profiles:LocalLogout">
>         <ph:RequestPath>/Logout</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
>         <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution"
>                        inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
>                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
>         <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
>     </ph:ProfileHandler>
>
>     <!-- Login Handlers -->
>     <ph:LoginHandler xsi:type="ph:RemoteUser">
>         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
>     </ph:LoginHandler>
>
>     <!-- Login handler that delegates the act of authentication to an external system. -->
>     <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
>     <!--
>     <ph:LoginHandler xsi:type="ph:ExternalAuthn">
>         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
>         <ph:QueryParam name="foo" value="bar" />
>     </ph:LoginHandler>
>     -->
>
>     <!-- Username/password login handler -->
>     <!--
>     <ph:LoginHandler xsi:type="ph:UsernamePassword"
>                      jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
>         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
>     </ph:LoginHandler>
>     -->
>
>     <!--
>         Removal of this login handler will disable SSO support, that is it will require the user to authenticate
>         on every request.
>     -->
>     <ph:LoginHandler xsi:type="ph:PreviousSession">
>         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
>     </ph:LoginHandler>
>
> </ph:ProfileHandlerGroup>
>
> Ben Branch
> UNIX/Linux Administrator
> University of Central Oklahoma
> ITIL Foundation v3, Network+, RHCSA
>
> 100 N. University Drive, Box 122
> Edmond, OK 73034
> D: 405.974.2649 | M: 405.550.6804 | [email protected] | www.uco.edu
>
> -----Original Message-----
> From: Charles Hasegawa [mailto:[email protected]]
> Sent: Wednesday, June 25, 2014 1:04 PM
> To: [email protected]
> Subject: Re: [cas-user] CAS-Shib Integration: Getting an error when deploying the idp.war
>
> ok, seeing that their definition of login handler is expecting an
> ErrorHandler.
>
> You should check that they have a valid file. The expectation was that they'd
> ADD to the existing handler.xml, not just have a file with the header and
> loginHandler. They still need all the other stuff.
>
> ----- Original Message -----
> From: "Ben Branch" <[email protected]>
> To: [email protected]
> Sent: Wednesday, June 25, 2014 10:18:38 AM
> Subject: [cas-user] CAS-Shib Integration: Getting an error when deploying the idp.war
>
> All,
>
> I’ve been following the Unicon guide on how to integrate Shibboleth with CAS.
> I thought I had everything configured properly, but that does not appear to
> be the case.
> I’m getting the following error in my catalina.out:
>
> Jun 25, 2014 11:32:47 AM org.apache.jk.server.JkMain start
>     at org.apache.catalina.core.StandardService.start(StandardService.java:516)
>     at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
>     at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:606)
>     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> Caused by: edu.internet2.middleware.shibboleth.common.service.ServiceException: Configuration was not loaded for shibboleth.HandlerManager service, error creating components.
>     at edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:192)
>     at edu.internet2.middleware.shibboleth.common.config.BaseReloadableService.initialize(BaseReloadableService.java:148)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:606)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375)
>     at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
>     ... 39 more
> Caused by: org.xml.sax.SAXParseException; lineNumber: 14; columnNumber: 66; cvc-complex-type.2.4.a: Invalid content was found starting with element 'ph:LoginHandler'. One of '{"urn:mace:shibboleth:2.0:idp:profile-handler":ErrorHandler}' is expected.
>     at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
>     at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
>     at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>     at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>     at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
>     at org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
>     at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
>     at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown Source)
>     at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
>     at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
>     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
>     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
>     at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>     at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
>     at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
>     at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
>     at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
>     at edu.internet2.middleware.shibboleth.common.config.SpringDocumentLoader.loadDocument(SpringDocumentLoader.java:56)
>     at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
>     at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:342)
>     at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)
>     at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
>     at edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.populateRegistry(SpringConfigurationUtils.java:89)
>     at edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:170)
>     ... 47 more
>
> Jun 25, 2014 11:32:47 AM org.apache.catalina.core.StandardContext start
> SEVERE: Error listenerStart
> Jun 25, 2014 11:32:47 AM org.apache.catalina.core.StandardContext start
> SEVERE: Context [/idp] startup failed due to previous errors
>
> My /opt/shibboleth-idp/handler.xml (as per the Unicon guide):
>
> <ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
>                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>                         xmlns:shib-cas="http://unicon.net/shib-cas/authn"
>                         xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler
>                                             classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
>                                             http://unicon.net/shib-cas/authn
>                                             classpath:/schema/casLoginHandler.xsd">
>
>     <!-- CAS/Shib IDP External Login Handler.
>     propertiesFile attribute is optional -->
>     <ph:LoginHandler xsi:type="shib-cas:CasLoginHandler"
>                      propertiesFile="/opt/shibboleth-idp/conf/cas-shib.properties">
>         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
>         <shib-cas:paramBuilder class="net.unicon.idp.authn.provider.extra.EntityIdParameterBuilder" />
>     </ph:LoginHandler>
>
> -------------------------------------------------------------------
>
> I’m not really sure where to go on this, I believe I have everything set up
> properly, but I do not understand why I am still receiving this error
> message. Any help on this would be greatly appreciated.
>
> Ben Branch
> UNIX/Linux Administrator
> University of Central Oklahoma
> ITIL Foundation v3, Network+, RHCSA
> 100 N. University Drive, Box 122
> Edmond, OK 73034
> D: 405.974.2649 | M: 405.550.6804 | bbranch@uco.edu | www.uco.edu
>
> **Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and
> Green! Please print this e-mail only if absolutely necessary!
>
> **CONFIDENTIALITY** -This e-mail (including any attachments) may
> contain confidential, proprietary and privileged information. Any
> unauthorized disclosure or use of this information is prohibited.
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
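
Added example, not part of the original thread and not Shibboleth or Unicon code: a small Python check of the child-element order that the xsd:sequence quoted above requires (ErrorHandler, then ProfileHandler elements, then LoginHandler elements). The two sample documents are constructed, abbreviated stand-ins for handler.xml; the check covers ordering only and does not resolve xsi:type values against the schema.

```python
import xml.etree.ElementTree as ET

PH_NS = "urn:mace:shibboleth:2.0:idp:profile-handler"
# Particles of the xsd:sequence quoted in the thread: (local name, minOccurs, maxOccurs)
SEQUENCE = [("ErrorHandler", 1, 1),
            ("ProfileHandler", 0, None),
            ("LoginHandler", 0, None)]
NAMES = [name for name, _, _ in SEQUENCE]


def check_handler_order(xml_text):
    """Return a list of ordering problems; an empty list means the order is valid."""
    root = ET.fromstring(xml_text)  # the default parser drops XML comments
    problems, counts, slot = [], [0] * len(SEQUENCE), 0
    for pos, child in enumerate(root, start=1):
        ns, _, local = child.tag.lstrip("{").partition("}")
        if ns != PH_NS or local not in NAMES:
            problems.append(f"child {pos}: unexpected element '{child.tag}'")
            continue
        idx = NAMES.index(local)
        if idx < slot:  # an earlier particle showing up after a later one
            problems.append(f"child {pos}: {local} must come before {NAMES[slot]}")
            continue
        for i in range(slot, idx):  # particles skipped while moving forward
            if counts[i] < SEQUENCE[i][1]:
                problems.append(f"child {pos}: found {local}, expected {NAMES[i]}")
        slot = idx
        counts[idx] += 1
        limit = SEQUENCE[idx][2]
        if limit is not None and counts[idx] > limit:
            problems.append(f"child {pos}: more than {limit} {local} element(s)")
    for i in range(slot, len(SEQUENCE)):  # required particles never reached
        if counts[i] < SEQUENCE[i][1]:
            problems.append(f"end of file: missing required {NAMES[i]}")
    return problems


# Constructed, abbreviated handler.xml content (not the poster's full file).
GROUP = ('<ph:ProfileHandlerGroup xmlns:ph="' + PH_NS + '" '
         'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">{}'
         '</ph:ProfileHandlerGroup>')
CAS = '<ph:LoginHandler xsi:type="shib-cas:CasLoginHandler"/>'
ERR = '<ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>'
STATUS = ('<ph:ProfileHandler xsi:type="ph:Status">'
          '<ph:RequestPath>/Status</ph:RequestPath></ph:ProfileHandler>')
PREV = '<ph:LoginHandler xsi:type="ph:PreviousSession"/>'

BROKEN = GROUP.format(CAS + ERR + STATUS + PREV)  # CAS handler placed first
FIXED = GROUP.format(ERR + STATUS + CAS + PREV)   # CAS handler among the LoginHandlers

if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_handler_order(doc) or "order OK")
```

The first problem reported for the broken layout corresponds to the cvc-complex-type.2.4.a message in the thread: a LoginHandler was found where an ErrorHandler was expected.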
